About Defense Tech

Defense Tech examines the intersection of technology and defense from every angle and provides analysis on what’s ahead.

NATO Ponders Returning Fire

Monday, June 7th, 2010

By Kevin Coleman
Defense Tech Cyber War Correspondent

Multiple cyber intelligence sources have warned for some time now of the growing cyber threat from Russia, China and others. The Albright Group recently released a report that stated that a cyber attack targeting the critical infrastructure of a NATO country or countries could equate to an armed attack, justifying retaliation. The warnings appear to now have come true. Recently, NATO members were the target of a series of cyber attacks said to be linked back to Russian hackers.

That appears to be exactly what is on the mind of NATO Commanders. Multiple sources say NATO is now considering the use of military force against enemies who launch cyber attacks on its member states. Many world leaders now fear that future cyber attacks will escalate into a full-blown cyber war and possibly evolve into a conventional form of conflict. Just recently, security and military advisors around the world have expressed their concern that a successful cyber attack on the critical infrastructure of a NATO country could lead to defense measures under Article 5.
Reference: NATO: Article V and Collective Defense

Article 5 is a key component of the 1949 NATO Charter and states that any armed attack on one or more NATO countries would be considered an attack against all NATO countries. One thing is certain: the cyber threat situation is very dynamic, the proliferation of cyber weapons persists, and the capabilities of cyber weapons continue to increase. Once again, the international rules of cyber conflict need to be developed and agreed upon.

New CYBERCOM Chief Says Military Has Zero Real Time Situational Awareness of Its Networks

Thursday, June 3rd, 2010

The new chief of U.S. Cyber Command, Gen. Keith Alexander, spoke at my alma mater CSIS in Washington, DC, this morning, and while he purposefully did not make any real news, he had some interesting comments on the policy issues surrounding the new (combatant?) command.

I find it a bit amusing when military officials make declarative statements such as “we will defend our cyberspace.” Okay, well, how are you going to defend cyberspace and still maintain functionality when so much of the military’s network resides on private sector networks? He didn’t explain that one very well; he did throw in the completely useless and overused descriptor “full spectrum” cyber operations.

I think the most interesting thing he said was the military has zero real time situational awareness of its networks. Hmmm, that’s not good. Most attacks are discovered after the fact, he said, when the forensic folks come in to clean up the mess. At that point it’s too late to do much other than learn what vulnerabilities might have been revealed; like using jump drives to transfer data between non-secure and secure computers might also pass along a bug.

Alexander said the military simply lacks a common operational picture of its networks (I wonder if China lacks SA of DOD networks).

On the subject of rules of engagement, Alexander was understandably reluctant to get too far into that one, as it appears to be constantly shifting, but he did say that there would be very different ROE during peacetime and wartime. Like ROE in war zones, I’m sure CYBERCOM will maintain an ambiguity around that one to allow it certain freedom of operations.

Like any good military official, he addressed the more complex issues facing his command by framing them in the form of a question. Such as: What if an adversary uses a neutral state’s networks to bounce their cyber attack through? And, what are the ROE when the U.S. homeland is under attack?

On the issues of civil liberties and privacy, Alexander said the key is oversight by government agencies, the courts and Congress. I’m predicting now that CYBERCOM will someday have the largest collection of JAG officers of any command.

– Greg Grant

Iran — Enhancing Cyber Defense Capabilities

Wednesday, June 2nd, 2010

By Kevin Coleman
Defense Tech Cyber War Correspondent

Iranian Defense Minister Ahmad Vahidi recently said technological advances have increased the need for defensive preparations against “cyber war.” He went on: “At present, information and communication technologies are of great importance for different countries and we must prepare and equip ourselves against any form of cyber warfare.”

The increased tensions with Israel and the United States are seen as the main drivers behind Iran’s efforts to improve their cyber defenses. These comments and actions came just weeks after Iran claimed they took down a US-backed cyber network that was established to collect sensitive information on the country’s nuclear program and scientists as well as supporting and unrest after the June 2009 presidential election.

Iran is rated number 4 in terms of cyber war capabilities in “The Cyber Commander’s Handbook.” The scale is 1 = Low; 3 = Medium; and 5 = High.

Additional ratings are as follows:

Cyber Capabilities Intent: 4.1
Offensive Cyber Capabilities: 3.6
Cyber Intelligence Capabilities: 3.4
Overall Rating: 3.6

It’s clear that offensive, defensive and intelligence capabilities in the cyber domain are highly sought after capabilities for Iran and many other countries in the world today. This gives further credence to experts who argue that we are in the midst of a cyber arms race.

Software Glitch Renders Dark Thousands of GPS Receivers, For Days

Tuesday, June 1st, 2010

While installing software upgrades to ground control stations for a new fleet of GPS satellites, Air Force inspectors discovered a glitch in software compatibility that rendered dark up to 10,000 GPS receivers for at least two weeks.

The new software was installed back in January and initially the Air Force blamed the contractor for writing a bad program, but now says it was a compatibility problem instead of defective code; the affected receivers all came from the same source. It took Air Force techs less than two weeks to discover the outage and begin putting in place a temporary fix; a more permanent fix is being distributed.

Apparently, the outage affected GPS receivers on the Navy’s in-development carrier-launched drone, the X-47B. While willing to identify that Navy program, the Air Force refused to identify other weapons that might have been impacted by the software problem.

A spokesperson for the Air Force’s Space and Missile Systems Center told the AP that the military’s GPS system, and its heavily encrypted communications channel, is safe from cyber attack and that it’s never been hacked.

Some influential military leaders, such as Gen. James Mattis, who heads Joint Forces Command, aren’t so confident in GPS infallibility. He has repeatedly said the military must prepare to fight without its many battle command networks and sensors as any future enemy will target the system because they know full well how overly dependent the military is on systems such as GPS.

– Greg Grant

Everyone Knows More than the Person Responsible for Cyber Security

Wednesday, May 26th, 2010

By Kevin Coleman
Defense Tech Cyber Warfare Correspondent

Why is it that people without security clearances and no insight into the many classified cyber attacks discredit information derived from these incidents because the sources and some data cannot be disclosed? Some immediately jump to conspiracy theories and claim these incidents are made up for one reason or another in support of someone’s agenda.

For example, recently I read a report that was said to “debunk” a report of a specific cyber incident. The debunkers claimed the incident didn’t happen. Yet, I was personally involved in the incident at a classified level and experienced it first hand so I know it took place.

Another individual actually thought they knew more about a national cyber security issue than Mike McConnell, a former Vice-Admiral in the U.S. Navy, former Director of the National Security Agency, as well as being the Director of National Intelligence. It’s one thing to disagree with analysis or statements by Admiral McConnell, but to think they know more is quite different!


CIA Boosting Cyber War Capabilities

Thursday, May 20th, 2010

By Kevin Coleman
Defense Tech Cyber War Correspondent

For some time now the CIA has been making investments in technology focused on defensive systems to prevent cyber threats, as well as offensive capabilities to launch cyber attacks and collect cyber intelligence. This is one of the CIA’s top three priorities within their current strategic plan looking out five years.

These are just a few of the numerous government-wide initiatives to increase cyber capabilities across all agencies. These focus mainly on those who are responsible for protecting critical infrastructure within the United States, like the Department of Homeland Security and the National Security Agency. Those who have reviewed this plan all concur that technology and technological capabilities combine to become the key focus of the CIA’s strategic plan.

Inside officials said that the agency would substantively increase the technology budget by tens of millions of dollars. The same insiders said that technology provides advanced capabilities that increase the effectiveness and efficiency of intelligence collection, as well as increasing the ease with which covert operations can establish more credible covers.

In addition, the new technology will increase the collaborative capabilities of the CIA, which is now a critical success factor for the organization. Some members of the intelligence community and experts in the field have expressed concern about the integrity of the new tech solutions, given that many of the components that make up our technology capabilities come from foreign sources. “We need to bring hi-tech manufacturing back inside the United States,” said a source.

This is one of the reasons why Technolytics increased the intelligence technology market estimates back in June of 2009 to tens of billions of dollars.

The Race to Build a Secure Operating System

Tuesday, May 11th, 2010

By Kevin Coleman
Defense Tech Cyber Warfare Correspondent

In response to the continuous compromise of networks, multiple countries have begun developing secure platforms and operating systems. Computer companies, university researchers, defense R&D contractors and militaries around the world recognize the criticality of networks and embedded processors within their equipment. They also recognize how vulnerable they are and that’s why so much attention is being given to building in security at every level of the system including the operating system.

As discussed here, China’s Trusted Computing Platform (TCP) program has been underway for some time now and can be traced back to the early 2000s. The Chinese TCP includes multiple layers of built-in security, as well as trusted computing components at the chip operating system level and the machine operating system level.

European Union
Early in 2009 a Dutch university was awarded a grant for $3.3 million from the European Research Council to fund 5 more years of work on a Unix-derivative operating system called Minix. This research effort is designed to be more resilient and secure than either Linux or Windows. The most impressive feature in Minix is said to be its self-healing feature. This is believed to be the first operating system with the capability of fixing itself when a bug is detected.


China Demands Computer Encryption Codes From Cyber Security Firms

Monday, May 3rd, 2010

By Kevin Coleman
Defense Tech Cyber War Correspondent

Back in 2008, China first announced a certification process that included a set of computer security rules covering a broad swath of security products that they claimed were needed for national security reasons. The rules require security product vendors to provide China’s Certification and Accreditation Administration and the General Administration of Quality Supervision, Inspection and Quarantine with complete details of the inner workings of computer products in 13 different broad categories.

These rules cover the following categories:

1. Firewalls (hardware & software); this does not apply to personal firewalls
2. Network security separation cards and line selectors
3. Security isolation and information exchange products
4. Secure network routers
5. Chip operating systems (COS)
6. Data backup and recovery products
7. Secure operating systems
8. Secure database systems
9. Anti-spam products
10. Intrusion detection systems
11. Network vulnerability scanning products
12. Security auditing products
13. Web site recovery products

These rules were originally due to go into effect in 2009, but were delayed until May 1, 2010 after complaints were made by U.S. and European Union officials.


Returning Fire in Cyber Space; Oh They’ll Hear You Alright

Tuesday, April 27th, 2010

By Kevin Coleman
Defense Tech Chief Cyber War Correspondent

Just recently, Lt. Gen. Keith Alexander, currently director of the National Security Agency and nominated to run U.S. Cyber Command, took a new, much more aggressive tone when asserting the right to return fire against cyber attacks aimed at the U.S. — even if an attacker’s identity remains unknown. He said that the U.S. military must be prepared to fight through in the worst case cyber scenario.

On the heels of these assertions, former Secretary of Homeland Security Michael Chertoff discussed using Special Operations Forces to take out servers being used in cyber attacks against the United States.

These comments were quickly scooped up and used by news agencies around the world. In one conversation I had with a caller, the individual pointed out that the Pentagon is hit by cyber attacks millions of times a day – so there is no shortage of targets once the military begins returning fire. Another individual expressed concerns about Richard Clarke’s comment about cyber attacks leading to a conventional war.

Many global leaders fear that cyber attacks will escalate into a full-blown cyber war. What is more concerning to many is that the Chairman of the Joint Chiefs, Adm. Michael Mullen, has said he believes there’s a cyber war already in progress. Are we already in the early stages of a cyber war?

Private Sector-Military Collaboration Vital To Confront Cyber Threats

Monday, April 19th, 2010

By Kevin Coleman
Defense Tech Chief Cyber War Correspondent

Any comprehensive approach to cyber security will combine military capabilities, input from the software and information security industries, as well as a number of private sector (civilian) facets. Recently, General Gabor Horvath, Director of Concepts and Capabilities Development for the EU Military, said, “I am convinced there will be a combined civil-military goal in the future” and he isn’t the only one. Lt. Gen. Keith Alexander, Director of the National Security Agency and the nominee to lead U.S. Cyber Command, said many issues related to Cyber Command’s operations are yet to be determined and specifically mentioned collaboration with the private sector.

Militaries throughout the world are facing this same issue due primarily to dual-use technologies, but the internet and cyber warfare and defense have taken this to a significantly higher level. What is the difference between a security testing tool and a cyber weapon? The answer is simple: “intent.”

At last count, an estimated 150 countries/militaries are currently developing cyber warfare capabilities. The recent introduction of cyber arms dealers will make sure that number will grow given the number of terrorist groups and criminal organizations that seek these capabilities.